Chromium, V8: Multiple vulnerabilities
Multiple vulnerabilities have been reported in Chromium and V8,
worst of which may allow execution of arbitrary code.
chromium v8
March 05, 2014
March 05, 2014: 1
486742
488148
491128
491326
493364
498168
499502
501948
503372
remote
33.0.1750.146
33.0.1750.146
3.20.17.13
Chromium is an open-source web browser project. V8 is Google’s open
source JavaScript engine.
Multiple vulnerabilities have been discovered in Chromium and V8. Please
review the CVE identifiers and release notes referenced below for
details.
A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process or a Denial of Service condition. Furthermore, a remote attacker
may be able to bypass security restrictions or have other unspecified
impact.
There is no known workaround at this time.
All chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-client/chromium-33.0.1750.146"
Gentoo has discontinued support for separate V8 package. We recommend
that users unmerge V8:
# emerge --unmerge "dev-lang/v8"
CVE-2013-2906
CVE-2013-2907
CVE-2013-2908
CVE-2013-2909
CVE-2013-2910
CVE-2013-2911
CVE-2013-2912
CVE-2013-2913
CVE-2013-2915
CVE-2013-2916
CVE-2013-2917
CVE-2013-2918
CVE-2013-2919
CVE-2013-2920
CVE-2013-2921
CVE-2013-2922
CVE-2013-2923
CVE-2013-2925
CVE-2013-2926
CVE-2013-2927
CVE-2013-2928
CVE-2013-2931
CVE-2013-6621
CVE-2013-6622
CVE-2013-6623
CVE-2013-6624
CVE-2013-6625
CVE-2013-6626
CVE-2013-6627
CVE-2013-6628
CVE-2013-6632
CVE-2013-6634
CVE-2013-6635
CVE-2013-6636
CVE-2013-6637
CVE-2013-6638
CVE-2013-6639
CVE-2013-6640
CVE-2013-6641
CVE-2013-6643
CVE-2013-6644
CVE-2013-6645
CVE-2013-6646
CVE-2013-6649
CVE-2013-6650
CVE-2013-6652
CVE-2013-6653
CVE-2013-6654
CVE-2013-6655
CVE-2013-6656
CVE-2013-6657
CVE-2013-6658
CVE-2013-6659
CVE-2013-6660
CVE-2013-6661
CVE-2013-6663
CVE-2013-6664
CVE-2013-6665
CVE-2013-6666
CVE-2013-6667
CVE-2013-6668
CVE-2013-6802
CVE-2014-1681
pinkbyte
pinkbyte